Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Lifecycle Timeline
6DescriptionCVE.org
The Netcom NTC 6200 and NWL 222 series expose a web interface to be configured and set up by operators. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote authenticated attackers can gain arbitrary code execution with elevated privileges.
AnalysisAI
Critical remote code execution vulnerability affecting Netcom NTC 6200 and NWL 222 series network devices. The vulnerability stems from multiple command injection flaws in the web interface combined with hardcoded credentials, allowing authenticated remote attackers to execute arbitrary commands with elevated privileges. With a CVSS score of 8.6 and an attack vector requiring only adjacent network access and low privileges, this vulnerability poses significant risk to organizations deploying these devices in networked environments.
Technical ContextAI
The Netcom NTC 6200 and NWL 222 series devices expose a web-based management interface for device configuration and operation. The vulnerability root cause is classified as CWE-77 (Improper Neutralization of Special Elements used in a Command 'Command Injection'), indicating that user-supplied input to multiple web endpoints is not properly sanitized before being passed to shell command execution functions. The underlying technology involves HTTP/HTTPS web interfaces that process operator-supplied configuration parameters. The presence of hardcoded credentials compounds this issue by reducing the authentication barrier—attackers may leverage default or embedded credentials to bypass initial access controls. The affected CPE strings are implied to be: cpe:2.3:a:netcom:ntc_6200:*:* and cpe:2.3:a:netcom:nwl_222:*:*, though specific version ranges are not detailed in the provided description.
RemediationAI
Immediate actions: (1) Restrict network access to the web management interface via network segmentation (firewall rules limiting access to trusted administrator networks only). (2) Change any default/hardcoded credentials if alternative authentication mechanisms exist. (3) Monitor access logs for suspicious configuration attempts. Long-term: (1) Apply security patches from Netcom as released (check Netcom security advisories for specific patch versions). (2) Implement network-based input validation or WAF rules to block command injection payloads if patches are not immediately available. (3) Disable the web management interface if not required, using serial console or out-of-band management instead. (4) Implement network segmentation to ensure management traffic is isolated from general network traffic.
Same weakness CWE-77 – Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16616